From

Thank you

Sorry

A week after admitting some phases of its security and identity integration strategy are going slower than planned, Microsoft has hit another snag, this time with its anti-malware software.

The company said Thursday that it’s delaying the release of Forefront Endpoint Protection 2010 (formerly Forefront Client Security) until the second half of 2010. The release of the anti-malware software for Windows desktops and servers had been expected to come in the first half of 2010.

Microsoft said it’s shifting gears and building Forefront Endpoint Protection (FEP) on System Center Configuration Manager, an enterprise tool for evaluating, deploying and updating servers and desktops. Configuration Manager and Operations Manager are the foundations of the System Center portfolio of management products.

The news came via the Forefront Team blog, but the blog entry does not explain how Microsoft plans to “build the product on Configuration Manager.” There are no details on whether that would entail rewriting or redesigning the product or folding it into Configuration Manager.

“It's difficult to discern how much change is necessary to push it into System Center, but having seen the prior product, I'd say it would take a bit of work,” says Tom Henderson, managing director of ExtremeLabs and a member of the Network World Lab Alliance.

The Forefront Client Security code was not developed in-house rather it was acquired when Microsoft bought Sybari Systems in 2005. The code evolved from Sybari’s Antigen software lineup.

“The Forefront stuff is likely to be another element of System Center, like SC-VMM [Virtual Machine Manager] or SC-Forefront, is my guess,” Henderson says. “Potentially, System Center becomes the wrapper for the entire Forefront product set, including the miscellaneous application protection components.”

The blog says the move to delay FEP came from customer feedback and market trends, and adds, “We are confident this is the right decision for our customers.”

“They're trying to fortify System Center,” Henderson says. “I think their greatest competition in this space comes from how Symantec's Altiris products have evolved in this space.”

The blog hints that the coming changes may eventually be tricky for end-users.

“We are developing the necessary tools and guidance to facilitate the future upgrade from Forefront Client Security to Forefront Endpoint Protection and will help customers with the migration process,” the Forefront team says in the blog.

In addition, the blog hints a new product might take the place of FEP. “We will provide information about endpoint security management in Forefront Protection Manager at a later time.” Forefront Protection Manager (formerly called Stirling) is a centralized management console for all the Forefront security products. It is slated to ship in early 2010.

The blog goes on to say: “We remain committed to providing integrated management for the Forefront Protection Suite.”

Microsoft has been working on integrating its security and identity products into a layer of defense defined by access and control for its corporate infrastructure software. Microsoft plans to pull together Active Directory, Forefront software and third-party products and tie it all together with the Forefront Protection Manager console.

It’s an ambitious plan the company has been struggling to get on track.

Last week, Bob Muglia, president of Microsoft's server and tools business, said: “It is fair to say that getting this done in non-trivial. It has taken us perhaps a little longer in some areas then we would like, but we are pretty excited about the progress that we are seeing."

But the FEP delay is clearly another setback.

Microsoft plans to continue to sell the predecessor to FEP, called Forefront Client Security, which supports both Windows Server 2008 R2 and the forthcoming Windows 7.

Microsoft says other products in the Forefront suite remain on schedule. Before the end of the year, Microsoft plans to ship Forefront Protection 2010 for Exchange Server, Forefront Online Protection for Exchange, Forefront Threat Management Gateway 2010 and Forefront Unified Access Gateway 2010. In the first half of 2010, Microsoft will ship Forefront Protection 2010 for SharePoint and Forefront Identity Manager 2010.